In a string of meetings and press releases, the federal government’s health watchdogs have delivered a stern message: They are cracking down on insurers, hospitals and doctors offices that don’t adequately protect the security and privacy of medical records.

“We’ve now moved into an area of more assertive enforcement,” Leon Rodriguez, then-director of the U.S. Department of Health and Human Services’ Office for Civil Rights, warned at a privacy and security forum in December 2012.

But as breaches of patient records proliferate – just this month, insurer Anthem revealed a hack that exposed information for nearly 80 million people – federal overseers have seldom penalized the health care organizations responsible for safeguarding this data, a ProPublica review shows.  Read more